The sprawling mobile devices marketplace has spawned an industrialized mobile financial fraud plexus that today drives increasingly sophisticated criminal technical innovation to exploit the mobile devices explosion. It is funded by increasing revenues derived from potent new developments in mobile malware, according to the APWG.

Mobile devices increasingly present an attractive, practical and economical alternative to traditional desktops. In the coming years, global mobile payments are predicted to exceed $1.3 trillion, moreover, presenting a mother load of opportunity for cybercrime gangs who appreciate the vulnerabilities of these peripatetic communications and computing platforms, the APWG’s analysis reports.

Malicious attackers seek out the weakest targets. In the case of smartphones attackers are quick to exploit inherent infrastructure vulnerabilities.

Attackers will choose the attack mode depending on the target. However, some basic features are strikingly similar across all operating systems. Devices may vary on design, functionality or network stack Android, iOS, Symbian OS, Microsoft Window Mobile and Palm OS, all offer:

Access or support of a mobile network.

Access to the Internet through interfaces such as Bluetooth, WLAN, infrared or GPRS

TCP/IP protocol stack.

Desktop PC synchronization

The ability to simultaneously run multiple applications

APIs to develop the applications.

APWG Mobile Fraud Research Coordinator Jart Armin said, "On one hand we can see just one example of a major European bank that in early 2012 had 100,000 mobile banking users, and by April 2013, 4 million. In contrast, there were around 50 generally known samples of mobile malware in 2010, rising in 2013 to some 30,000 samples."

APWG provides a rhetorical approach towards mobile crimeware and the intrusion supply chain's structure and examines subjects in depth from a practitioner’s perspective.

Key points that illustrate the potential for growth of an established underground malware market:

5.6 million potentially-malicious files reported on Android (APK, dyn-calls, checks-GPS, etc.), of which 1.3 million are confirmed malicious by multiple AV vendors

Mobile payments are on track to top $1.3 trillion in 2015, bring intense criminal interest

By 2015 – est. 2 billion + mobile devices

China, as an example, now has 564 million Internet users; 75% are mobile.

Spotlight

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

A critical vulnerability in ANTlabs InnGate devices, a popular Internet gateway for visitor-based networks and commonly installed in hotels and convention centers, has been discovered. The flaw could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection.

In this interview, Raj Samani, VP and CTO EMEA at Intel Security, talks about successful information security strategies aimed at the critical infrastructure, government challenges, the role of regulation, and more.